Spree 3.1 in Heroku.
After installed gem 'spree_social', :git=> 'https://github.com/spree-contrib/spree_social', branch: '3-1-stable'
and setup as described in the gem doc.and developer.facebook.com
I could not login using facebook butoon
Both development and production kept asking for
One more step to complete your registration from Facebook
What possible gone wrong?
:already setup FB APP ID and FB APP Secret in Spree
:Setup App Domains with http://sub.domain.com
:Yes on Client OAuth Login and Web OAuth Login
:No Force Web OAuth Reauthentication and Embedded Browser OAuth Login
It's asked everytime when click FB Login then fill-in user/password (as it supposed to be only first time only.?
$heroku logs -t
2016-11-30T18:39:08.242440+00:00 app[web.1]: Started GET "/users/auth/facebook" for 24.253.3.125 at 2016-11-30 18:39:08 +0000
2016-11-30T18:39:08.245300+00:00 app[web.1]: I, [2016-11-30T18:39:08.245245 #4] INFO -- omniauth: (facebook) Calling through to underlying application for setup.
2016-11-30T18:39:08.246504+00:00 app[web.1]: I, [2016-11-30T18:39:08.246446 #4] INFO -- omniauth: (facebook) Request phase initiated.
2016-11-30T18:39:08.690859+00:00 app[web.1]: Started GET "/users/auth/facebook/callback?code=AQCvn-9bgYXYsw8J4rMHzaXkQFzulZKWrxVzokGsi6l2adj2zsDTB5YUTPoCEwzjLcEdGGohpfuIJ7r_QtiABIdoIBLKTDCtfms2v6jW7yjE7VfthoHgpvRtsJXz8xJL2pIp6BmvHHxq9Ahfnjir3GzWTjbMLJ_300LgpAMoy0PHsjAZh6nzIpyaiQ_PD4HWSqaHfMQds2r-Yd88gS8qJRvvO2qwkBQEXj-4Uaer4uhOnnRKs05SxRrQZAc0mE-gHBiHT-8NXWzmQMEvepBTNJllAfJdamhW78NisYcLHRZRwU0FDyyUVQU5YcIk4vAI_yQ9JKvlpvlNx2fdnw8E5wn45tSs_mZiSgoLhU8Cxg2jBg&state=eb30a2462d75546d28439534dcc560761a5eafefa5b47a75" for 24.253.3.125 at 2016-11-30 18:39:08 +0000
2016-11-30T18:39:08.692550+00:00 app[web.1]: I, [2016-11-30T18:39:08.692484 #4] INFO -- omniauth: (facebook) Calling through to underlying application for setup.
2016-11-30T18:39:08.693727+00:00 app[web.1]: I, [2016-11-30T18:39:08.693638 #4] INFO -- omniauth: (facebook) Callback phase initiated.
2016-11-30T18:39:08.927577+00:00 app[web.1]: Processing by Spree::OmniauthCallbacksController#facebook as HTML
2016-11-30T18:39:08.927612+00:00 app[web.1]: Parameters: {"code"=>"AQCvn-9bgYXYsw8J4rMHzaXkQFzulZKWrxVzokGsi6l2adj2zsDTB5YUTPoCEwzjLcEdGGohpfuIJ7r_QtiABIdoIBLKTDCtfms2v6jW7yjE7VfthoHgpvRtsJXz8xJL2pIp6BmvHHxq9Ahfnjir3GzWTjbMLJ_300LgpAMoy0PHsjAZh6nzIpyaiQ_PD4HWSqaHfMQds2r-Yd88gS8qJRvvO2qwkBQEXj-4Uaer4uhOnnRKs05SxRrQZAc0mE-gHBiHT-8NXWzmQMEvepBTNJllAfJdamhW78NisYcLHRZRwU0FDyyUVQU5YcIk4vAI_yQ9JKvlpvlNx2fdnw8E5wn45tSs_mZiSgoLhU8Cxg2jBg", "state"=>"eb30a2462d75546d28439534dcc560761a5eafefa5b47a75"}
2016-11-30T18:39:08.929944+00:00 app[web.1]: Spree::UserAuthentication Load (1.2ms) SELECT "spree_user_authentications".* FROM "spree_user_authentications" WHERE "spree_user_authentications"."provider" = $1 AND "spree_user_authentications"."uid" = $2 LIMIT 1 [["provider", "facebook"], ["uid", "163770347430817"]]
2016-11-30T18:39:08.932153+00:00 app[web.1]: Spree::User Load (1.2ms) SELECT "spree_users".* FROM "spree_users" WHERE "spree_users"."deleted_at" IS NULL AND "spree_users"."email" IS NULL LIMIT 1
2016-11-30T18:39:08.935508+00:00 app[web.1]: (1.0ms) BEGIN
2016-11-30T18:39:08.937492+00:00 app[web.1]: (0.9ms) ROLLBACK
2016-11-30T18:39:08.938440+00:00 app[web.1]: Redirected to http://MYSUB.DOMAIN.com/user/spree_user/sign_up
2016-11-30T18:39:08.938569+00:00 app[web.1]: Completed 302 Found in 11ms (ActiveRecord: 4.2ms)
I had the same problem - I was getting that "One more step to complete your registration from Facebook" message. Turns out it was because I added a couple of fields to my Spree::User model, and I was validating that they were present (validates :first_name, :last_name, presence: true). The default spree-social code only populates the email address, and then it tries to save the user. It fails (since it didn't populate the first_name and last_name), so it displays that message. I commented out my validation line, and it all works. Now I need to figure out how to get the first_name and last_name back from Facebook so I can fill them in, and then uncomment my validation line.
I hope this helps somebody.
Related
I am running keycloak 19.0.2 in dev mode. When trying to login to microsoft from keycloak (SSO) using the oauth2 flow, I get 502 error in the browser on the callback to keycloak. The code param has a strange value also.
I believe it has something to do with user permissions, but I can clearly see I have defined them.
The callback to the keycloak server throws a 502 error and has strange values in the code params.
The keycloak server errors with the following logs:
2022-10-17 13:08:46,517 ERROR
[org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-42)
Failed to make identity provider oauth callback:
org.keycloak.broker.provider.IdentityBrokerException: Could not obtain user profile
from Microsoft Graph
2022-10-17 13:08:46,542 WARN [org.keycloak.events] (executor-thread-42)
type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=8ca06b23-d544-4464-a3bf-448be5308802,
clientId=recruit-api, userId=null, ipAddress=127.0.0.1,
error=identity_provider_login_failure, code_id=62aaf7bf-9c08-4c88-a7c3-e6f7af282de1,
authSessionParentId=62aaf7bf-9c08-4c88-a7c3-e6f7af282de1,
authSessionTabId=WjArYJ99WyM
paradigm
Hello Everyone
I am trying to integrate SSO on Redmine using keycloak with google as identity provider, i almost got there till i get this error after login account with google and keycloak return redmine following error.
Log redmine:
Completed 200 OK in 53ms (Views: 39.3ms | ActiveRecord: 9.6ms)
Started GET "/auth/saml" for 42.113.145.55 at 2022-08-29 15:09:34 +0700
Started POST "/auth/saml/callback" for 42.113.145.55 at 2022-08-29 15:09:34 +0700
Started GET "/auth/failure?message=invalid_ticket&origin=https%3A%2F%2Fdomain redmine%2Flogin&strategy=saml" for 42.113.145.55 at 2022-08-29 15:09:34 +0700
Processing by AccountController#login_with_saml_failure as HTML
Parameters: {"message"=>"invalid_ticket", "origin"=>"https://domain redmine/login", "strategy"=>"saml"}
Current user: anonymous
Redirected to http://domain redmine/login
Completed 302 Found in 7ms (ActiveRecord: 1.7ms)
Started GET "/login" for 42.113.145.55 at 2022-08-29 15:09:35 +0700
Processing by AccountController#login as HTML
enter image description here
i'm guessing that the cause of the problem lies in the mappers identity provider, client on Keycloak , i have no experience with this , can someone help me to see if my mappers configuration is correctenter image description here
enter image description here
I have two Keycloak instances, A is an IdP for B. From the login screen of B, this works as it should.
However, I can’t get IDP Initiated SSO from A to B to work. I filled the "IDP Initiated SSO URL Name” field with a name (say “bbbbb”) in A.
When I try to navigate to: http://aaaaa/auth/realms/his/protocol/saml/clients/bbbbb
I always end up with the following logging:
22:42:02,993 DEBUG [org.keycloak.services] (default task-23) Authorization code is not valid. Code: null
22:42:02,994 WARN [org.keycloak.events] (default task-23) type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=127.0.0.1, error=staleCodeMessage
22:42:02,994 ERROR [org.keycloak.services] (default task-23) staleCodeMessage
Which in itself is not surprising, because indeed, there is no Authorization code in play here, but that’s the whole idea of IDP Initiated SSO, no?
What must I do to get this to work?
Thanks in advance!
I faced the same issue, this happens if you use the same realm name in both Keycloak instances.
I followed the documentation here: and here: Trying to integrate to a Personality Insights service via Android Java.
However, after the app runs, and using the correct username and password as mentioned in the guide... (the guide is not clear (2nd bullet point in "Before you begin") on which set of credentials to use - It says get the "service credentials" and credentials from the new service created - I tried with both and both fail with the same error below.)
Error:
12-11 01:49:56.201 29584-29632/? I/CredentialUtils: JNDI string lookups is not available. 12-11 01:49:56.269 29584-29632/? D/NetworkSecurityConfig: No Network Security Config specified, using platform default 12-11 01:49:56.723 29584-29632/? D/OkHttp: --> POST https://gateway.watsonplatform.net/personality-insights/api/v3/profile?version=2017-10-13 http/1.1 (1297-byte body) 12-11 01:49:56.803 29584-29632/? D/OkHttp: <-- 401 Not Authorized https://gateway.watsonplatform.net/personality-insights/api/v3/profile?version=2017-10-13 (78ms, unknown-length body) 12-11 01:49:56.863 29584-29632/? E/WatsonService: POST https://gateway.watsonplatform.net/personality-insights/api/v3/profile?version=2017-10-13, status: 401, error: Not Authorized 12-11 01:49:56.865 29584-29632/? E/ERROR: Unauthorized: Access is denied due to invalid credentials
com.ibm.watson.developer_cloud.service.exception.UnauthorizedException: Unauthorized: Access is denied due to invalid credentials at com.ibm.watson.developer_cloud.service.WatsonService.processServiceCall(WatsonService.java:492) at com.ibm.watson.developer_cloud.service.WatsonService$2.execute(WatsonService.java:254) at com.upen.personalityapp.MainActivity$RetrieveFeedTask.doInBackground(MainActivity.java:105) at com.upen.personalityapp.MainActivity$RetrieveFeedTask.doInBackground(MainActivity.java:87) at android.os.AsyncTask$2.call(AsyncTask.java:306) at java.util.concurrent.FutureTask.run(FutureTask.java:237) at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:244) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607) at java.lang.Thread.run(Thread.java:761) 12-11 01:49:56.866 29584-29584/?
This is the code I am using; I am trying to pass a "text" input to the service.
service = new PersonalityInsights("2017-10-13");
service.setUsernameAndPassword("{myUsername}", "{myPassword}");
Profile profile = service.getProfile(text).execute();
System.out.println(profile);
return profile.toString();
I am using the com.ibm.watson.developer_cloud:personality-insights:3.8.0 dependency.
I tried connecting to the URL in the error (https://gateway.watsonplatform.net/personality-insights/api/v3/profile?version=2017-10-13 ) via a browser. It prompts for a username/password combo. I entered my details from my IBM Cloud Lite service but it throws the HTTP Error 405. Is this how it's supposed to work on the browser?
For someone in the future;
Instead of service.setUsernameAndPassword(username, password);, I tried service.setUsernameAndPassword("username", "password"); and it worked.
We are currently trying to deploy CAS 4.0.1 on a JBoss EAP 6.3.0 server.
The login webflow was customised in order to redirect to a specific login form depending on the service calling CAS for authentication. Depending on these forms, we use specific authentication handlers, and a specific Credential model. Besides that, the configuration is rather standard.
At the moment, we are experiencing the following issue: when a user attempts to access a service secured by CAS, he is correctly redirected to the portal, and the expected login view is rendered ; upon successful login, the Service Ticket is delivered to the authentication filter on the service side (standard j_spring_cas_security_check), which then validates it successfully against CAS' ticket registry. We see in the logs that CAS is rendering the cas2ServiceSuccessView ; however, instead of delivering the expected XML response, the user is redirected to the login form.
We then confirmed that we were in fact getting a 404 error after the cas2ServiceSuccessView... Any idea what could trigger such behaviour/what we could have done wrong ?
Note that we are getting the same error regardless of how we call CAS for the ST validation: whether it is manually through /serviceValidate?ticket=ST-YYY&service=XXX, or via the /j_spring_cas_security_check on the service side...
Edit: we have the same behaviour running CAS on Tomcat 7.
Thanks in advance.
Below the debug logs that we are getting:
08:54:10,806 DEBUG [org.springframework.web.servlet.DispatcherServlet] (http-/0.0.0.0:8080-7) Last-Modified value for [/cas/serviceValidate] is: -1
08:54:10,809 INFO [org.perf4j.TimingLogger] (http-/0.0.0.0:8080-7) start[1433314450807] time[2] tag[VALIDATE_SERVICE_TICKET]
08:54:10,810 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] (http-/0.0.0.0:8080-7) Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-3-uecoOwdbdIn4bc2WvXfe-cas-test
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Wed Jun 03 08:54:10 CEST 2015
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
08:54:10,810 DEBUG [org.springframework.validation.DataBinder] (http-/0.0.0.0:8080-7) DataBinder requires binding of required fields [renew]
08:54:10,811 DEBUG [org.springframework.web.servlet.DispatcherServlet] (http-/0.0.0.0:8080-7) Rendering view [org.springframework.web.servlet.view.InternalResourceView: name 'cas2ServiceSuccessView'; URL [/WEB-INF/view/jsp/cas2ServiceSuccessView.jsp]] in DispatcherServlet with name 'cas'
08:54:10,811 DEBUG [org.springframework.web.servlet.view.InternalResourceView] (http-/0.0.0.0:8080-7) Added model object 'assertion' of type [org.jasig.cas.validation.ImmutableAssertion] to request in view with name 'cas2ServiceSuccessView'
08:54:10,811 DEBUG [org.springframework.web.servlet.view.InternalResourceView] (http-/0.0.0.0:8080-7) Removed model object 'pgtIou' from request in view with name 'cas2ServiceSuccessView'
08:54:10,811 DEBUG [org.springframework.web.servlet.view.InternalResourceView] (http-/0.0.0.0:8080-7) Forwarding to resource [/WEB-INF/view/jsp/cas2ServiceSuccessView.jsp] in InternalResourceView 'cas2ServiceSuccessView'
08:54:10,812 DEBUG [org.springframework.web.servlet.DispatcherServlet] (http-/0.0.0.0:8080-7) Successfully completed request
08:54:10,814 DEBUG [org.springframework.web.servlet.DispatcherServlet] (http-/0.0.0.0:8080-7) DispatcherServlet with name 'cas' processing GET request for [/cas/login]
08:54:10,814 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] (http-/0.0.0.0:8080-7) Mapping request with URI '/cas/login' to flow with id 'login'
In SpringSecurity 4.x, CasAuthenticationFilter's defaultFilterProcessesUrl path is changed.
So Change '/j_spring_cas_security_check' to '/login/cas' in Configuration.
... and of course, the cause was rather silly: somehow (I have to look at our merge/git history), the viewResolver bean defined in cas-servlet.xml did not have a basenames property set.